Clean Up Expired AWS ACM Certificates with Slack Approval

Nodes

Automatic Clean Up Expired AWS ACM Certificates with Human Approval

Automate the cleanup of expired AWS ACM certificates with Slack-based approval. This workflow helps maintain a secure and tidy AWS environment by detecting expired SSL certs, sending detailed Slack notifications to admins, and deleting them upon approval, ensuring full visibility and control over certificate lifecycle management.

🧑‍💼 Who’s it for

This workflow is designed for:

AWS administrators who want to keep their environment clean and secure
DevOps teams managing SSL lifecycle in AWS ACM
IT Admins needing visibility and control over expired cert removal
Teams that use Slack for collaboration and approvals

⚙️ How it works / What it does

This automated workflow performs the following tasks on a daily schedule:

Fetch all ACM certificates in your AWS account.
Filter out the expired ones by comparing expiration date and status.
Send a Slack approval message with certificate details to the admin team.
Wait for approval response directly in Slack (✅ to approve deletion).
If approved, it deletes the expired certificate using AWS ACM.
Finally, it notifies the IT admin about the action taken.

🔧 How to set up

Create the Workflow
- Add the nodes as shown:
  - Schedule Trigger
  - AWS - ACM: listCertificates
  - AWS - ACM: describeCertificate (loop per cert)
  - IF Node to filter expired certs
  - Slack - Send & Wait for Reaction
  - AWS - ACM: deleteCertificate
  - Slack - Post Message to notify
Configure Slack
- Create a Slack Bot Token with:
  - chat:write
  - reactions:read
  - channels:read
- Connect it in your Slack nodes.
Configure AWS Credentials
- Use IAM User or Role with:
  - acm:ListCertificates
  - acm:DescribeCertificate
  - acm:DeleteCertificate
Set schedule
- Daily, Weekly, or custom cron expression.